nixos-config/machines/shinobu/services/router/nft.nix

{ config, lib, ... }:
let
  cfg = import ./common.nix;

  flattenAttrValues = attrs: lib.flatten (map (v: if lib.isAttrs v then flattenAttrValues v else v) (lib.attrValues attrs));

  mkKeyValue = lib.generators.mkKeyValueDefault
    rec {
      # specifies the generated string for a subset of nix values
      mkValueString = v:
        if lib.isString v then ''"${v}"''
        else if lib.isList v then ''{ ${lib.concatMapStringsSep ", " mkValueString v} }''
        else lib.generators.mkValueStringDefault { } v;
    } " = ";

  defines = lib.concatStringsSep
    "\n"
    (flattenAttrValues
      (lib.mapAttrsRecursive
        (path: value: "define " + (mkKeyValue ''CFG_${lib.concatStringsSep "_" path}'' value))
        cfg));
in
{
  networking.nftables = {
    enable = true;
    ruleset = ''
      ${defines}

      include "${./rules.nft}"
    '';
  };
}
shinobu/router: Split configuration 2023-09-24 14:41:22 +02:00			`{ config, lib, ... }:`
			`let`
			`cfg = import ./common.nix;`

			`flattenAttrValues = attrs: lib.flatten (map (v: if lib.isAttrs v then flattenAttrValues v else v) (lib.attrValues attrs));`

			`mkKeyValue = lib.generators.mkKeyValueDefault`
			`rec {`
			`# specifies the generated string for a subset of nix values`
			`mkValueString = v:`
			`if lib.isString v then ''"${v}"''`
			`else if lib.isList v then ''{ ${lib.concatMapStringsSep ", " mkValueString v} }''`
			`else lib.generators.mkValueStringDefault { } v;`
			`} " = ";`

			`defines = lib.concatStringsSep`
			`"\n"`
			`(flattenAttrValues`
			`(lib.mapAttrsRecursive`
			`(path: value: "define " + (mkKeyValue ''CFG_${lib.concatStringsSep "_" path}'' value))`
			`cfg));`
			`in`
			`{`
			`networking.nftables = {`
			`enable = true;`
			`ruleset = ''`
			`${defines}`

			`include "${./rules.nft}"`
			`'';`
			`};`
			`}`